Mailcow Patches Password Reset Poisoning Vulnerability (CVE-2025-25198)


The popular open-source email server suite mailcow has released a patch addressing a serious vulnerability that could allow attackers to hijack user accounts. The flaw, identified as CVE-2025-25198, involves password reset poisoning and carries a CVSS score of 7.1 (High).

Mailcow, known for simplifying the setup and management of self-hosted email infrastructure, relies on components like Postfix, Dovecot, and SOGo, and utilizes Docker for ease of deployment.
